Merge branch 'ingela/ssl/dtls-cookie/OTP-14076'

* ingela/ssl/dtls-cookie/OTP-14076:
  dtls: Implement DTLS cookie secret generation

1 files changed, 11 insertions, 1 deletions

diff --git a/lib/ssl/src/dtls_v1.erl b/lib/ssl/src/dtls_v1.erl
index dd0d35d404..4aaf8baa6c 100644
--- a/lib/ssl/src/dtls_v1.erl
+++ b/lib/ssl/src/dtls_v1.erl
@@ -22,7 +22,10 @@
 -include("ssl_cipher.hrl").
 
 -export([suites/1, all_suites/1, mac_hash/7, ecc_curves/1, 
-         corresponding_tls_version/1, corresponding_dtls_version/1]).
+         corresponding_tls_version/1, corresponding_dtls_version/1,
+         cookie_secret/0, cookie_timeout/0]).
+
+-define(COOKIE_BASE_TIMEOUT, 30000).
 
 -spec suites(Minor:: 253|255) -> [ssl_cipher:cipher_suite()].
 
@@ -47,6 +50,13 @@ ecc_curves({_Major, Minor}) ->
 corresponding_tls_version({254, Minor}) ->
     {3, corresponding_minor_tls_version(Minor)}.
 
+cookie_secret() ->
+    crypto:strong_rand_bytes(32).
+
+cookie_timeout() ->
+    %% Cookie will live for two timeouts periods
+    round(rand:uniform() * ?COOKIE_BASE_TIMEOUT/2).
+    
 corresponding_minor_tls_version(255) ->
     2;
 corresponding_minor_tls_version(253) ->